Oh well, If I ever get working I'll post the config's and an explanation. wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > sorry, i dont know mate :( not my strong point dude! > > -----Original Message----- > From: Sam Sneed [mailto:[EMAIL PROTECTED]] > Sent: 31 January 2003 21:55 > To: [EMAIL PROTECTED] > Subject: CCIE or a masters degree? [7:62287] > > > I was wondering, should I go for......... haha fooled you. > > If it takes trickery to get this question answered so be it. > > don't take this post the wrong way........... > > I have a 3600 router that current supports PPTP win2K clients using win2K > client. I do not wnat to use Cisco client for VPN. > What I am trying to do is authenticate using digital certificates. The Cert > server is Win2K certificate server. I used a MS machine as VPN server with > certificates and it works. I now need to get the Cisco router to do the > same. Currently VPN users connecting to 3640 router and are authenticated > via IAS using domain logons and it works fine this way. > Has anyone implemented this? The router has certificate and it all looks OK. > I'm not sure how to configure the router to use digital certificates to > authenticate the users instead of username/password. > When I try to login I get "verifying username and password" and then error > 619 : the specifoed port is not connected. > > Here is config: > > aaa new-model > aaa authentication login default group tacacs+ local line none > aaa authentication ppp default group radius > aaa authorization network default group radius none > enable secret 5 $1$2MGM$ttPEfWBYGVf.Hc78TEuwn0 > > vpdn enable > ! > vpdn-group 1 > ! Default PPTP VPDN group > accept-dialin > protocol pptp > virtual-template 1 > ! > vpdn-group 2 > ! > ! > crypto ca identity mscert > enrollment mode ra > enrollment url http://99.17.4.20:80/certsrv/mscep/mscep.dll > crypto ca certificate chain mscert > certificate 61285CC9000000000004 > ... > ... > 1CAC37AB 61BDC6 > quit > certificate ra-sign 6144F532000000000002 > .......... > > quit > certificate ra-encrypt 6144F7EF000000000003 > ................. > ............. > certificate ca 1B36F87430D2D4AC47DC9C0E1C4D9320 > > interface Virtual-Template1 > ip unnumbered FastEthernet0/0 > ip nat inside > ip mroute-cache > no keepalive > peer default ip address pool vpn > ppp encrypt mppe 128 required > ppp authentication ms-chap > ppp timeout authentication 5 > ! > ip local pool vpn 123.17.10.31 123.17.10.254 > > ......... > For more information about Barclays Capital, please > visit our web site at http://www.barcap.com. > > > Internet communications are not secure and therefore the Barclays > Group does not accept legal responsibility for the contents of this > message. Although the Barclays Group operates anti-virus programmes, > it does not accept responsibility for any damage whatsoever that is > caused by viruses being passed. Any views or opinions presented are > solely those of the author and do not necessarily represent those of the > Barclays Group. Replies to this email may be monitored by the Barclays > Group for operational or business reasons. > > ------------------------------------------------------------------------
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62316&t=62287 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
